Breach Disclosure Regulation

October 31, 2018

Keeping IT Secure

To keep your organization’s IT secure you have to build the right foundation on the internet. You need a cloud security platform that will give you cloud-based network security that will protect all connected devices. With integrated security, you need to know that you are giving your users the control and visibility to manage everything.

Your company must overcome several security challenges in the ever-changing regulatory landscape. You want a cloud security platform that will protect all of your data from cybersecurity threats.

Organizations must address their security and regulatory requirements to reduce threats and enhance network security, especially because those threats keep getting more sophisticated.

Starting on November 1, 2018, the Breach Disclosure Regulation will be in full effect.

The process started almost three years ago, when the Digital Privacy Act amended Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) to include a breach notification requirement. Announced weeks before the EU General Data Protection Regulation (GDPR) took effect on May 25, 2018, the new regulation appeared to be timed to bring Canadian standards in line with the GDPR.

This new Breach Disclosure Regulation is being put forth to ensure that:

  • Canadians obtain consistent information about data breaches that can pose significant harm to them;
  • data breach notifications contain the right information to empower individuals to understand the significance and potential impact of the breach;
  • the Commissioner receives comparable information about data breaches; and
  • the Commissioner can verify that organizations are complying with the requirements of the regulation to notify affected individuals of breaches.

These Regulations will make it mandatory for organizations to conduct a risk assessment to determine whether a data breach poses a real risk of significant harm to individuals. That determination takes into account both the sensitivity of the compromised data and the probability that it will be misused. Once the risk assessment is complete, the organization must notify the affected individuals and the Privacy Commissioner as soon as feasible. While the regulation does not specify a deadline, it is clear that this step is paramount and time-sensitive. As with the European Union’s GDPR, the Breach Disclosure Regulations let organizations update their reports as more information becomes available.

Finally, affected organizations must keep a record of every breach of security safeguards for 24 months (two years) after the event occurred. These records must be readily available to the Commissioner and contain enough information to let the Commissioner verify the organization’s compliance with the applicable requirements.

In addition, organizations have a responsibility to notify affected individuals and relevant third parties, as well as the Privacy Commissioner, in the event of a data breach that could pose ‘significant harm.’ This harm includes physical harm to individuals, reputational damage, humiliation, and even financial loss.

The regulations are essential to our online security because our data is valuable to cybercriminals, and those cybercriminals are evolving their methods at a pace that far outstrips how quickly we learn to prevent or recover from their attacks.

Our ability to protect organizations and recover from breaches largely depends on the steps we take to strengthen our security posture. It’s important to understand that, while preventing cyberattacks is the key objective, a solid remediation plan is equally necessary.


How to Prevent a Cyberattack

Let’s start with the basics. Ask yourself whether you are following your company’s corporate policies on cybersecurity and patch management, and adjust your procedures accordingly. Make sure you patch your applications, operating systems, and appliances.

Then check your first line of defence. Implement a multi-layered security strategy that blocks malicious destinations: use the cloud to block connections to compromised sites, and deploy a malware blocker to stop malware from reaching the network and the endpoint. For this, we recommend Cisco Umbrella; it provides a first line of defence that requires no hardware and can be deployed across your enterprise in minutes.

At least 90% of breaches arrive through email, because email carries threats directly to the endpoint. For this reason, email continues to be the primary tool cybercriminals use to spread malware. An email security solution that is merely “good enough” is not enough to defend your organization.

In the event of a data breach, what is your plan? Evolve NX – powered by Cisco gives you the proactive services you need to be prepared for a breach. We provide 24/7/365 IT support and evaluate a range of data points to gain a deep understanding of your networks and practices.

Our team of IT specialists assesses the situation and initiates a response.
